2. LensDoc: Credit Card Dilemma
LensDoc - online retailer of:
Contact lenses
Sun and magnifying glasses
Dental care and personal care products
Customers pay by credit card (90% of all online
purchases in the U.S.)
Easy to purchase
Easy to purchase fraudulently
Contact lenses cannot be returned once used, but
unsatisfied customers want their money back
3. LensDoc: Credit Card Dilemma (cont.)
Solutions:
Process credit card purchases by hand
Require:
Home address
Shipping address
Investigating alternative methods of payment
Cash cards
Special card-swiping peripherals
Credit card processing services
Currently disadvantages outweigh advantages
of any of these alternatives
4. Electronic Payments: An Overview
E-payment methods
Credit cards
Electronic funds transfer (EFT)
E-payments
Smart cards
Digital cash and script
Digital checks
E-billing
All have the ability to transfer payment from
one person or party to another
5. Electronic Payments: An Overview (cont.)
Four parties involved in e-payments
Issuer
Customer/payer/buyer
Merchant/payee/seller
Regulator
Key issue of trust must be addressed
Privacy
Authentication and authorization
Integrity
Nonrepudiation
6. Electronic Payments: An Overview (cont.)
Crucial factors in determining which method of
e-payment achieves widespread acceptance
Independence
Interoperability and
portability
Security
Anonymity
Divisibility
Ease of use
Transaction fees
7. Security for E-Payments
Public key infrastructure
Plaintext
Ciphertext
Encryption algorithm
Key
Types of encryption systems
Symmetric (private key)
Used to encrypt and decrypt plain text
Shared by sender and receiver of text
Asymmetric (public key)
Uses a pair of keys
Public key to encrypt the message
Private key to decrypt the message
10. Security for E-Payments (cont.)
Digital Signatures: authenticity and nondenial
Analogous to handwritten signature
Based on public keys
Used to:
Authenticate the identity of the sender of a
message or document
Ensure the original content of the electronic
message or document is unchanged
Benefits:
Portable
Cannot be easily repudiated or imitated
Can be time stamped
12. Security for E-Payments (cont.)
Digital certificates
Identifying the holder of a public key (Key-Exchange)
Issued by a trusted certificate authority (CA)
Name : "Richard"
Key-Exchange Key :
Signature Key :
Serial # : 29483756
Other Data : 10236283025273
Expires : 6/18/04
Signed : CA's Signature
13. Security for E-Payments (cont.)
Secure socket layer/transport layer security
Secure socket layer (SSL) - handle on Web browser, utilizing CAs and data encryption
Encryption
Digital certificates
Digital signatures
In 1996 SSL was standardized and named transport layer security (TLS)
Operates at TCP/IP layer (base layer for Internet)
IPSec - secure version of IP protocol
14. SET Vs. SSL
Secure Electronic Transaction (SET)
Complex
SET - tailored to credit card payment to merchants
SET protocol hides customer's credit card information from merchants and order information from banks, to protect privacy (dual signature)
Secure Socket Layer (SSL)
Simple
SSL - protocol for general-purpose secure message exchanges (encryption)
SSL protocol may use a certificate, but there is no payment gateway.
Merchants need to receive ordering information and credit card information (capturing process initiated by merchants)
15. E-Cards
Three common types of payment cards
Credit cards - provides holder with credit to make purchases up to a limit fixed by the card issuer
Charge cards - balance on a charge card is supposed to be paid in full upon receipt of monthly statement
Debit card - cost of a purchase drawn directly from holder's checking account (demand-deposit account)
16. E-Cards (cont.)
The Players
Cardholder
Merchant (seller)
Issuer (your bank)
Acquirer (merchant's financial institution, acquires the sales slips)
Card association (VISA, MasterCard)
Third-party processors (outsourcers performing
same duties formerly provided by issuers, etc.)
18. E-Cards (cont.)
E-wallets
One-click shopping - saving your order information on retailer's Web server
Name
Shipping address
Billing address
Credit card information
E-wallet - software downloaded to cardholder's desktop that stores same information and allows one-click-like shopping
19. E-Cards (cont.)
Other security risks with credit cards
Stolen cards
Reneging by the customer - authorizes a payment and later denies it
Theft of card details stored on merchant's computer - isolate computer storing information so it cannot be accessed directly from the Web
Overcoming risks with virtual credit cards
20. E-Cards (cont.)
Purchase cards
Instrument of choice for B2B purchasing
Special-purpose, non-revolving payment cards
issued to employees solely for purchasing and
paying for nonstrategic materials and services
21. E-Cards (cont.)
Purchase cards - operate like other credit cards
Cardholder of corporation places an order for goods or services
Supplier processes transaction with authorization of card issuer
Issuer verifies purchase authorization
All cardholders' transactions processed centrally - one payment for all purchases
Each cardholder reviews monthly statement
Card issuer analyzes transactions - standard and ad hoc reports are made
Card issuer creates electronic file to upload to corporation's ledger system
22. E-Cards (cont.)
Benefits of purchasing cards
Cost savings
Productivity gains
Bill consolidation
Payment reconciliation
Preferred pricing
Management reports
23. E-Cards (cont.)
Smart Cards
Integrated circuit (IC) microprocessor cards - includes IC chips with programmable functions that make cards "smart"
Integrated circuit (IC) memory cards - no processor
Suitable for uses where card performs fixed
operation
Disposable, prepaid (phone cards)
24. E-Cards (cont.)
Optical memory cards
Stores 4MB of data; once written, data
cannot be changed or removed
Ideal for keeping records (medical files)
Require expensive card readers
Categorize smart cards by how they store data
Contact card - insert in smart card reader
Contactless card - embedded antenna read by another antenna (mass-transit applications)
25. Contactless IC Cards
Proximity Card
Used to access buildings and pay for buses
and other transportation systems
Bus, subway and toll card in many cities
Amplified Remote Sensing Card
Good for a range of up to 100 feet, and can be
used for tolling moving vehicles at gates
Pay toll without stopping (e.g. Highway 91 in
California)
27. E-Cards (cont.)
Important applications of smart card use:
Loyalty
Financial
Information technology
Health and social welfare
Transportation
Identification
28. E-Cash and Payment Card Alternatives
E-cash and credit card alternatives (for micropayments - under $10)
E-cash (eCoin.net)
Identity of user hidden from merchant
Easier to use than earlier e-cash
systems
Requires specialized software
Qpass (Qpass.com)
Set up Qpass account
User name and password
What credit card to charge
29. E-Cash and Payment Card Alternatives (cont.)
PrivateBuy
User establishes account
User assigned 16-digit user number
(anonymous address)
Hides user name and card number from
merchant site
Relies on credit card system already in
place
30. E-Cash and Payment Card Alternatives (cont.)
Echarge enables users to:
Establish accounts
Receive user ID and password
Use instead of credit card numbers
Purchases billed to user's credit card
Merchants must establish payment option
31. E-Cash and Payment Card Alternatives (cont.)
Stores cash downloaded from bank or credit
card account
Common uses
Disposable vs. reloadable cards
Sample cards
Visa cash
Mondex
Electronic purses
Lack of interoperable equipment and
standards
Common Electronic Purse Specification
32. E-Cash and Payment Card Alternatives (cont.)
E-loyalty and rewards programs
Loyalty programs online
Beenz.com
Consumer earns beenz by visiting,
registering, or purchasing at 300
participating sites
Beenz are stored and used for later
purchases
Partnered with MasterCard to offer rewardzcard - stored-value card used in U.S. and Canada for purchases where MasterCard is accepted
Transfer beenz into money to spend on
Web, by phone, mail order, physical stores
33. E-Cash and Payment Card Alternatives (cont.)
MyPoints-CyberGold
Customers earn cash
Cash used for later purchases or applied to
credit card account
RocketCash
Combines online cash account with rewards
program
User opens account and adds funds
Used to make purchases at participating
merchants
34. E-Cash and Payment Card Alternatives (cont.)
Person-to-person (P2P) payments and
gifts
Enable transfer of funds between two
individuals
Repaying money borrowed
Paying for an item purchased at online
auction
Sending money to students at college
Sending a gift to a family member
36. E-Checking
Electronic checkbook
Counterpart of electronic wallet
To be integrated with the accounting
information system of business buyers and
with the payment server of sellers
To save the electronic invoice and receipt of payment in the buyers' and sellers' computers for future retrieval
Example : SafeCheck
Used mainly in B2B
37. E-Checking (cont.)
Current checking system
Role of clearinghouses in the check-clearing
process
Magnetic ink characters (MICR)
Costs of the current system
Electronic version of paper check
Leverage check payment systems
Fit within current business practices, eliminate
need for process reengineering
Work like paper check with fewer manual steps
38. E-Checking (cont.)
Designed to meet needs of businesses and consumers (state
of the art security systems)
Used by all bank customers with checking accounts
Enhance existing bank accounts with new EC features
Benefits of e-checking for industry-wide savings
Online check collection process
Online notices of check returns
Truncating paper checks at bank of first deposit
Creating new cash management product
opportunities
39. E-Checking (cont.)
Truncating paper checks at bank of first
deposit
Creating new cash management product
opportunities
Checkfree (checkfree.com) leading third-party
e-billing vendor
40. E-Checking (cont.)
Treasury Department expects e-checks to:
Enhance security through use of public key cryptography
"Push" a payment to the payee and not "pull" funds from general account of the U.S.
Leverage Internet for its strength as ubiquitous
communication vehicle
Increase payment choices for U.S. Treasury
payees
41. E-Billing
Customers are either individuals or
companies
Two common models of e-billing
Biller direct - customer receives bill from a single merchant
Third-party consolidators - presents bills from multiple merchants
42. Managerial Issues
In the B2C world, understand your customers
and products
In the B2B world, keep an open mind about
online alternatives
In-house or outsource
Security continues to be a major issue